Laptop with Fairview, North Memorial Patient Info Stolen

Letters send to 14,000 patients affected by theft

MINNEAPOLIS - Fairview Health Services and North Memorial Hospital are sending apology and explanation letters to 16,800 patients after a laptop with patient information was stolen in July.

Hospital officials said the laptop was stolen from a locked car on July 25. The theft occurred in a Minneapolis restaurant parking lot. The laptop had been locked inside a car that was parked downtown. Police were contacted and the case is still under investigation.

Fairview Health Services confirmed 14,000 patients are affected, and North Memorial Hospital said 2,800 of their patients were affected by the theft -- however, the Social Security numbers of North Memorial's patients were not on the computer.

There has been no evidence that any patient information has been accessed or misused as a result of the theft so far.

The laptop belonged to an employee of Accretive Health, a healthcare services firm providing business and patient care coordination services. The computer held files containing patient names, addresses, dates of birth, account balances, dates of services, some diagnostic information and social security numbers. It did not contain credit card numbers or other patient financial information.

“This loss of sensitive patient information is disappointing and unacceptable,” said Lois Dahl, Fairview director of privacy. “We do believe the overall risk of anybody accessing the data is low.”

Both Fairview and Accretive Health have policies and procedures that require all laptops to be fully encrypted. In its investigation, Accretive Health discovered that as a result of human error, this particular laptop was password protected, but not encrypted, meaning the files are potentially at increased risk of being accessed. Accretive Health has acknowledged this mistake and has invested in additional technology to ensure this does not happen again.

Both hospitals are notifying affected individuals of this loss of personal data and offering free identity theft protection and fraud monitoring services. Accretive Health will pay for these services.

“Ultimately, we are responsible for the protection of our patients’ personal and health information,” said Mark Werner, M.D., chief clinical integration officer at Fairview. “We owe it to them and to our employees to do everything we can to learn from this incident and see that it doesn’t happen again,” he said.

Other actions being taken by Fairview include:

Sending a written reminder to all employees and medical staff about Fairview’s patient privacy policies and guidelines to protect patient information

Reducing or eliminating, wherever possible, the use of social security numbers in its billing and care processes

FOX 9 News asked both hosptials why patients weren't notified of the theft earlier, and a Fairview spokeswoman said it took a certain amount of time to reconstruct the data and find out which patients were impacted.

Neither hospital was willing to let a representative speak on camera for this story, but both said they are taking steps to improve security.

No comments:

About our blog

This blog covers the issue of computer and DATA theft. As editors of this blog, we seek out and provide published articles from freely available news and wire report & information sources. The loss of personal data via an act of physical hardware theft is increasingly a serious problem and is growing at an alarming rate. The sheer size of this blog attests to the growing problem.

We would love to hear from you. Tell us about your experience, your theft or anti-theft story. Tell us what it cost you, how you recovered, how you felt.

By sharing information, we feel that others will benefit. If we can prevent even more thefts just by bringing the issue to the front, then we have done our job.